Can you check the Malware page in Webmaster Tools again? There might have been a short delay for the Webmaster Tools to update with the data.

Also, looking at the userprefs.js file now, it doesn't looked compromised any more. Given your comment about being "very baffled", I strongly suggest looking into how it was hacked to begin with and how it got fixed.